# Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN' (ok)

It works now.

<https://github.com/niutech/x-frame-bypass>


<https://unpkg.com/@ungap/custom-elements-builtin>



## [Refused to display site in an iframe, X-Frame-Options to 'SAMEORIGIN'](https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin)

Asked 6 years ago · Active 5 months ago · Viewed 31k times · 52 votes

Getting an error when I try to inspect element in Chrome:

Refused to display '<http://www.samplesite.com/>' in a frame because it is set `'X-Frame-Options'` to `'SAMEORIGIN'`.

How to display a site inside an iframe in which the website has `'X-Frame-Options'` to `'SAMEORIGIN'`?

I tried searching on Google but I could not find any proper solution; some are for ASP.NET only.

Tags: [iframe](https://stackoverflow.com/questions/tagged/iframe) [x-frame-options](https://stackoverflow.com/questions/tagged/x-frame-options)

asked Jun 26 '14 at 1:53 by [zen](https://stackoverflow.com/users/3068292/zen), edited Jan 21 at 12:45 by [lbonn](https://stackoverflow.com/users/1931271/lbonn)

* Possible duplicate of [How to set 'X-Frame-Options' on iframe?](https://stackoverflow.com/questions/27358966/how-to-set-x-frame-options-on-iframe) – [Quentin](https://stackoverflow.com/users/19068/quentin) [Jan 22 '19 at 14:50](https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin#comment95441472_24421260)


### 4 Answers

3 votes

Web server conf,

for me, I use nginx.conf

find `add_header X-Frame-Options SAMEORIGIN;` and change it to `add_header X-Frame-Options "ALLOWALL";`

Your web server sends the header and blocks the content. You should probably change this setting to Allow from same origin.

answered Jul 30 '14 at 6:07 by [ysk](https://stackoverflow.com/users/1905008/ysk)

* From where should we change these settings? – [Sukhpal Singh](https://stackoverflow.com/users/9563742/sukhpal-singh) [Sep 12 '18 at 4:44](https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin#comment91522972_25029803)

1 vote

To solve this error:

![Issue as mentioned in screenshot](https://i.stack.imgur.com/x4ico.png).

You just place this code in your `.htaccess` file according to the access level you want to provide:

1. `X-Frame-Options: deny`
2. `X-Frame-Options: sameorigin`
3. `X-Frame-Options: "allow-from https://example.com/"`

answered Jan 14 '19 at 14:13 by [Mustaneer Abdullah](https://stackoverflow.com/users/10912178/mustaneer-abdullah), edited Jan 14 '19 at 14:27 by [Paul Roub](https://stackoverflow.com/users/1324/paul-roub)

0 votes

I had a similar problem too. Loading my web page into an iframe on another website, I was getting this error: *Refused to display '<https://mywebsite.com>' in a frame because it set 'X-Frame-Options' to 'sameorigin'.*

I've solved it using this web component that allows an iframe to bypass the X-Frame-Options: deny/sameorigin response header. <https://github.com/niutech/x-frame-bypass>

To test it, just save this code in an **index.html** file and place in the same directory the file **x-frame-bypass.js**, which you can download from the above GitHub repository.

Since Safari doesn't support customized built-in elements, I've added an extra script that enables that support. <https://www.chromestatus.com/feature/4670146924773376>

```html
<!DOCTYPE html>
<html>
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>X-Frame-Bypass For Global CI calendar</title>
    <style>
        html, body {
            margin: 0;
            padding: 0;
            height: 100%;
            overflow: hidden;
        }
        iframe {
            display: block;
            width: calc(100% - 40px);
            height: calc(100% - 40px);
            margin: 20px;
            border: 0;
        }

    </style>

    <!-- To bypass the CROSS ORIGIN Resource issue -->
        <script src="x-frame-bypass.js" type="module"></script>

    <!-- Support Customized built-in elements for Safari-->
        <script src="https://unpkg.com/@ungap/custom-elements-builtin"></script>

</head>
<body>
    <iframe is="x-frame-bypass" src="https://www.link_to_any_website.com"></iframe>
</body>
</html>
```

answered Jan 22 '19 at 14:44 by [Davide Casiraghi](https://stackoverflow.com/users/10075394/davide-casiraghi), edited Jan 24 '19 at 6:26

* **Danger**: This script works by passing everything through a proxy server. All data will be visible to the controller of the proxy server (including any login credentials submitted through the iframe). It depends on the proxy server being live (and open proxies like this tend to just strain under ever increasing load until they die and break your site which depends on them). Using a proxy to bypass X-Frame-Options dips into risky intellectual property territory too: you risk getting sued for copyright infringement. – [Quentin](https://stackoverflow.com/users/19068/quentin) [Jan 22 '19 at 14:47](https://stackoverflow.com/questions/24421260/refused-to-display-site-in-an-iframe-x-frame-options-to-sameorigin#comment95441342_54310714)
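How a current browser treats the header values mentioned in the answers above, as an added example that is not part of the original thread: `framingDecision` and its helpers are hypothetical names, all header samples are constructed, and the model is simplified to a single `X-Frame-Options` value, one level of framing, and `frame-ancestors` sources limited to `*`, `'self'`, `'none'` and exact origins. It shows that `ALLOWALL` and `allow-from` leave a page with no framing protection, and that a CSP `frame-ancestors` directive is what is enforced when both headers are sent.

```javascript
// Added example (not from the thread). All header samples are constructed.
function originOf(url) {
  try { return new URL(url).origin; } catch (e) { return null; }
}

function frameAncestors(csp) {
  // Returns the frame-ancestors source list, or null when the directive is absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function framingDecision(headers, targetUrl, embedderUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;
  const embedder = originOf(embedderUrl);
  const sameOrigin = embedder !== null && originOf(targetUrl) === embedder;

  // When present, CSP frame-ancestors is enforced and X-Frame-Options is ignored.
  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    const allowed = sources.some(s => s === '*' || (s === "'self'"
      ? sameOrigin
      : embedder !== null && originOf(s) === embedder));
    return { allowed, protectedBy: 'frame-ancestors' };
  }

  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return { allowed: false, protectedBy: 'x-frame-options' };
  if (xfo === 'SAMEORIGIN') return { allowed: sameOrigin, protectedBy: 'x-frame-options' };
  // ALLOW-FROM is obsolete and values such as ALLOWALL are not defined: current
  // browsers ignore the header, so the page has no framing protection at all.
  return { allowed: true, protectedBy: null, ignoredValue: xfo || undefined };
}
```

A site that needs to be framed by one specific partner origin gets that from `Content-Security-Policy: frame-ancestors 'self' https://partner.example` (constructed origin), not from an unrecognized `X-Frame-Options` value.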


